Add new SessionUtil method to retrieve session id from shopify ID token

Shopify · Apr 17, 2024 · 1b440b9 · 1b440b9
1 parent c1163e0
commit 1b440b9
Show file tree

Hide file tree

Showing 2 changed files with 69 additions and 0 deletions.
diff --git a/lib/shopify_api/utils/session_utils.rb b/lib/shopify_api/utils/session_utils.rb
@@ -48,6 +48,23 @@ def current_session_id(auth_header, cookies, online)
           end
         end
 
+        sig do
+          params(
+            id_token: String,
+            online: T::Boolean,
+          ).returns(String)
+        end
+        def session_id_from_shopify_id_token(id_token:, online:)
+          payload = Auth::JwtPayload.new(id_token)
+          shop = payload.shop
+
+          if online
+            jwt_session_id(shop, payload.sub)
+          else
+            offline_session_id(shop)
+          end
+        end
+
         sig { params(shop: String, user_id: String).returns(String) }
         def jwt_session_id(shop, user_id)
           "#{shop}_#{user_id}"

diff --git a/test/utils/session_utils_test.rb b/test/utils/session_utils_test.rb
@@ -0,0 +1,52 @@
+# typed: false
+# frozen_string_literal: true
+
+require_relative "../test_helper"
+
+module ShopifyAPITest
+  module Utils
+    class SessionUtils < Test::Unit::TestCase
+      def setup
+        super
+        @user_id = "my_user_id"
+        @shop = "test-shop.myshopify.io"
+
+        @jwt_payload = {
+          iss: "https://#{@shop}/admin",
+          dest: "https://#{@shop}",
+          aud: ShopifyAPI::Context.api_key,
+          sub: @user_id,
+          exp: (Time.now + 10).to_i,
+          nbf: 1234,
+          iat: 1234,
+          jti: "4321",
+          sid: "abc123",
+        }
+
+        @jwt_token = JWT.encode(@jwt_payload, ShopifyAPI::Context.api_secret_key, "HS256")
+      end
+
+      def test_gets_online_session_id_from_shopify_id_token
+        expected_session_id = "#{@shop}_#{@user_id}"
+        assert_equal(
+          expected_session_id,
+          ShopifyAPI::Utils::SessionUtils.session_id_from_shopify_id_token(id_token: @jwt_token, online: true),
+        )
+      end
+
+      def test_gets_offline_session_id_from_shopify_id_token
+        expected_session_id = "offline_#{@shop}"
+        assert_equal(
+          expected_session_id,
+          ShopifyAPI::Utils::SessionUtils.session_id_from_shopify_id_token(id_token: @jwt_token, online: false),
+        )
+      end
+
+      def test_session_id_from_shopify_id_token_raises_invalid_jwt_errors
+        assert_raises(ShopifyAPI::Errors::InvalidJwtTokenError) do
+          ShopifyAPI::Utils::SessionUtils.session_id_from_shopify_id_token(id_token: "invalid_token", online: true)
+        end
+      end
+    end
+  end
+end